65116c02d5e26ea5ccf49f8dd6ec5219a08c1c34e8053b9c47794b7a796270b7

Sharing

Copy URL Twitter E-mail

General

Target

65116c02d5e26ea5ccf49f8dd6ec5219a08c1c34e8053b9c47794b7a796270b7
Size

25KB
MD5

3e41fe60795386996b41c992ba9835d9
SHA1

cbe01cc0e48ca805eb9f321af79159dc36b64640
SHA256

65116c02d5e26ea5ccf49f8dd6ec5219a08c1c34e8053b9c47794b7a796270b7
SHA512

3be18b6cd66cf991dfb466caf00be3fc2e8fc13cac0e7ba7013357f193464e3e8b2d50b334739dce28ab5b5dc7384d4cd9e4788f67090084ba977dc0f60f1fd9
SSDEEP

768:J7g3PoR4V5CpGyXszpNR6T5niJjNb0gjyxj:J78PoR4ipn8tNg5nibbsl

Score

N/A

Malware Config

Signatures

Files

65116c02d5e26ea5ccf49f8dd6ec5219a08c1c34e8053b9c47794b7a796270b7
.dll windows x86

dac35e5b1512db839b4e65324651db06

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetModuleFileNameA
WaitForSingleObject
CreateThread
VirtualProtect
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
ExitProcess
GetFileSize
MoveFileA
GlobalFree
GlobalUnlock
WriteFile
GlobalLock
GlobalAlloc
GetModuleHandleA
ReadFile
SetFilePointer
GetCommandLineA
WritePrivateProfileStringA
GetTempPathA
GetPrivateProfileStringA
OutputDebugStringA
Sleep
GetFileAttributesA
DeleteFileA
MoveFileExA
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateFileA
CloseHandle

user32

RegisterWindowMessageA
wsprintfA
CallWindowProcA
GetClassNameA
GetWindowTextA
GetClientRect
ReleaseDC
GetDC
GetWindowRect
GetDesktopWindow
SetWindowLongA
RegisterShellHookWindow
GetWindowThreadProcessId
GetParent
EnumWindows

gdi32

GetObjectA
DeleteDC
GetDeviceCaps
CreateDCA
GetStockObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
BitBlt
SelectPalette
RealizePalette
SelectObject
GetDIBits

ws2_32

inet_addr
inet_ntoa
connect
closesocket
gethostbyname
WSAStartup
WSACleanup
socket
recv
send
htons

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetReadFile

gdiplus

GdipDisposeImage
GdipSaveImageToFile
GdipLoadImageFromFile
GdiplusStartup
GdipFree
GdipAlloc
GdipCloneImage
GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusShutdown

urlmon

URLDownloadToFileA

msvcrt

_adjust_fdiv
_initterm
free
_onexit
__dllonexit
_stricmp
_strrev
_strlwr
strncmp
fgets
_getpid
malloc
wcscmp
abs
strchr
atoi
strtok
strcat
sprintf
memcpy
__CxxFrameHandler
fread
fopen
fclose
strncpy
??2@YAPAXI@Z
memset
??3@YAXPAX@Z
strstr
strlen
strcpy
strrchr

msvcp60

?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Exports

Exports

KsCreateAllocator
KsCreatePin
KsCreateTopologyNode
ServerMain

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dac35e5b1512db839b4e65324651db06

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ws2_32

wininet

gdiplus

urlmon

msvcrt

msvcp60

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 9KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 9KB

.reloc
Size: 1KB - Virtual size: 1KB